Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Splunk Enterprise Products ​
Alerts

Multiple Vulnerabilities in Splunk Enterprise Products ​

4 November 2022

Splunk has released security updates to address nine high severity vulnerabilities in their Splunk Enterprise Products.

The vulnerabilities are as follows:

  • CVE-2022-43571 - An authenticated attacker can send a specially crafted request to the affected application and execute arbitrary code remotely on the target system.

  • CVE-2022-43567 - An authenticated attacker can pass specially crafted data to the affected application and execute arbitrary code remotely on the target system.

  • CVE-2022-43570 - An authenticated attacker can pass a specially crafted extensible markup language (XML) code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

  • CVE-2022-43568 - An attacker can trick a user to follow a specially crafted link and execute arbitrary HTML and script code in the user's browser in context of the vulnerable website.

  • CVE-2022-43563 - An attacker can trick a user with privileged permissions to visit a specially crafted web page and perform arbitrary actions on behalf of the user on the vulnerable website and use the ‘rex’ search command to bypass search processing language (SPL) safeguards for risky commands.

  • CVE-2022-43565 - An attacker can trick a user with privileged permissions to visit a specially crafted web page and perform arbitrary actions on behalf of the user on the vulnerable website and bypass implemented SPL restrictions via the ‘tstats’ command.

  • CVE-2022-43569 - An authenticated attacker can inject and execute arbitrary HTML and script code in an user's browser in context of the vulnerable website.

  • CVE-2022-43566 - An authenticated attacker can trick a user with privileged permissions to visit a specially crafted web page and perform arbitrary actions on behalf of the user on the vulnerable website.

  • CVE-2022-43572 - An attacker can trigger resource exhaustion by sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer.

The following products are affected by these vulnerabilities:

  • Splunk Enterprise versions 8.1.0 to 8.1.11

  • Splunk Enterprise versions 8.2.0 to 8.2.8

  • Splunk Enterprise versions 9.0.0 to 9.0.1

Administrators and users of affected product versions are advised to upgrade to the latest versions immediately.

More information is available at:
https://www.splunk.com/en_us/product-security.html
https://www.securityweek.com/splunk-patches-9-high-severity-vulnerabilities-enterprise-product

Back to top